The hacker who cracked HD DVD strikes again by defeating Blu-ray Disc encryption

Late last year, a crafty individual who goes by the name “Muslix64” circumvented the copy protection scheme used to protect HD DVD. Given the similarities between the copy protection methods used in the two high-definition optical formats, it was only a matter of time before Blu-ray Disc’s protections would be bypassed. However, Muslix64 had no access to Blu-ray hardware, limiting his exploit methods to HD DVD. That is, until Muslix64 came across some specific data for Blu-ray Disc, allowing him to apply his methods to the yet-uncracked format.

Another individual interested in Blu-ray’s protection scheme,
“Janvitos,” who also participates in the same online forum where Muslix64
revealed his HD DVD work, posted a message
showing the directory structure from a Lord
of War Blu-ray Disc movie. Janvitos extracted the information by going
through his system’s memory with WinHEX after playing the movie on his computer
using WinDVD.

The memory dump information caught the attention of
Muslix64, who replied to the
thread saying, “In less [than] 24 hours, without any Blu-Ray equipment, but
with the help of Janvitos, I managed to decrypt and play a Blu-Ray media file
using my known-plaintext attack.” Muslix64 then posted a file as an example of
his decryption work, though he did say that his method does not address BD+.

Muslix64 then went on to explain how he was able to
accomplish this feat with his plaintext attack method. “This is a very
basic, but [powerful] crypto attack that I have used to decrypt both [HD DVD
and Blu-ray] formats,” he wrote. “After reading posts of people trying to get
the keys in memory, I realized, I have a different way of looking into the
problem…A lot of people try to attack the software, I'm attacking the data!”

“So I spent more time analysing the data, to look for
patterns or something special to mount my known-plaintext attack,” Muslix64
explains. “Because I know the keys are unprotected in memory, I can skip all
the [painful] process of code reversal.”

Although Muslix64 did not have any Blu-ray equipment at his disposal, he was still able to recover the keys with the help of Janvitos’ memory dump file and media file. Blu-ray media files are divided into individual aligned units. The first 16 bytes of each unit are not encrypted, with the rest being encrypted using AES in CBC mode. Muslix64 examined the non-encrypted portions of the data and found a recurring pattern, which he used to mount his known-plaintext attack.

Muslix64 goes on: “In most cases, the known-plaintext attack is in fact a guessed-plaintext attack. We ‘assume’ the data will look like something we ‘guessed’ when decrypted. Most of the time, it works! Knowing that, all you have to do is to write a small program that scans a memory dump file that comes from a software player while it was playing the movie. The key is in that file, you have to locate it.”

Once the value of the key and its position in memory are known, all one has to do is use a memory-landmarking function to locate the key and defeat the encryption. The method discovered by Muslix64 and Janvitos is specific to Blu-ray, though similar means were used to decrypt HD DVD. This hack was made possible by the fact that the keys were not protected in memory when running video-playing software on the PC.
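The weakness the article describes is that the content key sits unprotected in the player's process memory, so a guessed-plaintext check over every 16-byte window of a memory snapshot is enough to single it out. The following constructed Go demo is added here and is not Muslix64's code: it models an aligned unit as the article describes it (16 clear bytes, then AES-128-CBC), plants a key in a fake memory dump, and recovers it. The all-zero IV, the 4-byte marker used as the "expected" plaintext, the dump contents and the function names are all assumptions of the demo, not details from the article.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Assumed for this constructed demo (not from the article): a known all-zero IV
// and a fixed 4-byte marker standing in for the guessed plaintext pattern.
var demoIV = make([]byte, 16)
var expectedPrefix = []byte{0x47, 0x00, 0x11, 0x10}
// buildUnit models an aligned unit: 16 clear bytes, then the AES-128-CBC body.
func buildUnit(key, header, body []byte) []byte {
	block, _ := aes.NewCipher(key) // 16-byte key, so no error is possible
	out := make([]byte, len(body))
	cipher.NewCBCEncrypter(block, demoIV).CryptBlocks(out, body)
	return append(append([]byte{}, header...), out...)
}

// findKey is the guessed-plaintext scan: every 16-byte window of dump is tried
// as the key on the unit's first ciphertext block; a hit on the marker wins.
func findKey(dump, unit []byte) (offset int, key []byte, ok bool) {
	plain := make([]byte, 16)
	for i := 0; i+16 <= len(dump); i++ {
		block, _ := aes.NewCipher(dump[i : i+16])
		cipher.NewCBCDecrypter(block, demoIV).CryptBlocks(plain, unit[16:32])
		if bytes.HasPrefix(plain, expectedPrefix) {
			return i, dump[i : i+16], true
		}
	}
	return 0, nil, false
}
// demoDump: 4 KiB of deterministic xorshift noise with key planted at off,
// standing in for a snapshot of a software player's memory.
func demoDump(key []byte, off int) []byte {
	dump := make([]byte, 4096)
	for i, x := 0, uint64(0x9E3779B97F4A7C15); i < len(dump); i++ {
		x ^= x << 13; x ^= x >> 7; x ^= x << 17
		dump[i] = byte(x)
	}
	copy(dump[off:], key)
	return dump
}

func main() {
	key := []byte("0123456789abcdef")
	body := append(append([]byte{}, expectedPrefix...), bytes.Repeat([]byte{0xff}, 28)...)
	off, found, ok := findKey(demoDump(key, 1000), buildUnit(key, []byte("clear-header-16B"), body))
	fmt.Println(ok, off, bytes.Equal(found, key)) // true 1000 true
}
```

The scan needs no reverse engineering of the player at all, which is the point the article makes: keeping the key out of readable process memory (or at least not in a form that survives a plain snapshot) is the only mitigation that addresses it.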

Even without any Blu-ray hardware at his disposal, Muslix64 shortly followed the reveal of his findings with the alpha release of BackupBluRay V.0.21, software he wrote to decrypt Blu-ray Discs. Limitations of his software at this time are that it doesn’t support BD+ or volume unique keys and that it only supports one CPS key per disc. Users wishing to utilize the software will also have to provide their own CPS unit key.

Those who have tried the software report that they have successfully been able to decrypt and copy their own Blu-ray Discs for playback on both PC software and set-top players. If the cracking of HD DVD and the release of pirated files is any indication, however, Blu-ray may soon see illegal copies hitting the black market and parts of the Internet.

Comments


Free? Are you kidding? This basically brings us one step closer to a bandwidth tax. Once the entertainment industry can convince congress that despite their best efforts they can't prevent their properties from being stolen, the most likely outcome is some form of compensation scheme, with the cost pegged to home internet usage. Just watch, it's going to happen. Suddenly one day there'll be yet another mysterious surcharge showing up on your phone/cable bill.

I find it hilarious that people complain about DRM practices and rejoice when they are broken. I'm certainly no fan of the studios or DRM, but you all realize that we brought DRM upon ourselves, right? There's no inherent right for music or movies to be free. By taking them without paying (by whatever means) we forced "the man's" hand.

If no one ever stole, the studios would have no reason to put all this protection crap on and we'd all be a lot happier. CDs, DVDs and everything else would probably be a bit cheaper too.

quote: CDs, DVDs and everything else would probably be a bit cheaper too.

is utter bullshit.
The market decides the prices. In many situations, the piracy even makes titles cheaper (it happened for PS2 titles in China with executives admitting it). Why? Because they figure that if contents are cheaper people will take the comfortable and legal way. If they feel overcharged, then many people will prefer to put aside a "dubious" moral issue than not have their contents. I only say dubious because, when contents are overpriced many people would not be able to buy them anyway, which means, by their logic (which is not all that incorrect), that they can steal the product without harming anyone (assuming they would not buy it if piracy was not an option).

The most important message I wanted to pass is that the myth that "piracy makes software and media more expensive" is FUD. The market decides the prices. They will charge what people are willing to pay.

Only in extreme piracy environments does piracy reflect hardly on the industry. Pay TV in Spain was temporarily killed by piracy. Investments on legit businesses like movie-rental and many others are made hard due to rampant piracy in Latin America and large portions of Asia.

You enjoy paying the movie studios to tell where you can play your movies and where you can't?

Did you know it is illegal for you to rip a DVD that you have purchased to play it in your iPod? But why should it be, if you have already paid for the damn DVD. Start being smarter and think before you speak.

The more we allow the studios to control the way we see the stuff we pay for, the worse things will get. The hacking efforts are totally welcomed by me, I am an advocate that if you pay for a movie, you should be able to play it wherever the hell you want, not have to pay for one copy for your dvd player, one copy for your PC, one copy for your ipod, etc...